A hacker shows how you can take over security cameras and bank accounts with just an email

Dan Tentler, a hacker and
security expert with Phobos Group.YouTube/Fusion

If you dare a hacker to break into your accounts,
chances are pretty high that you won't like the results.

Fusion's Kevin Roose dared
two hacking experts to spend a couple weeks trying to
gain access to his life — as long as they agreed not to steal
money or reveal his secrets publicly. The hackers used a
combination of social engineering (using lies and smooth
talk to gain key information) and malicious software to get deep
inside Roose's life, and it was shockingly easy.

"If he had been a malicious attacker, Dan said, he could
have done unspeakable damage: draining my bank account, ruining
my credit score, deleting years’ worth of photos, videos, and
important data from my hard drive, using secrets from my email
inbox and my work Slack to ruin my reputation," Roose
wrote in an article about the experience at Fusion.
"Anything, really."

Fusion put up a video of the ordeal on
YouTube, which showed how the hackers pulled it off.

After compiling a 13-page dossier on Roose based on social media
accounts and publicly-available data found online, the hackers
social engineered their way into his accounts. While
demonstrating this type of attack on video, a hacker named
Jessica Clark poses as Roose's wife in a call to his phone
company — as a YouTube video of a baby crying plays in the
background — and is able to get full control over his account.

"All it took was a crying baby and a phone call," Roose says.

It's one aspect of hacking that often gets overlooked, but
is hard to defend against. A person could have super-strong
passwords on their accounts, but a good social engineer can find
a weak link in customer service, as the video shows.

Besides social engineering tactics, hacker Dan Tentler tries the
more traditional route of "spear-phishing"
Roose, sending him an official-looking email designed to get him
to click on a malicious link inside. About 91% of targeted cyber
attacks begin this way, and Roose, like many others, falls
for it — then installing a security certificate that
gives the hacker total control over his computer.

From there, Tentler is able to grab all his passwords — including
the one for his password management app — and gains access to his
webcam to snap photos of him every two minutes, take a look
inside his bank account, and literally keep tabs on his
place through his Dropcam security camera.